Adversary Village

adversaryvillage.org

Adversary Village will be there at c0c0n this year!

Adversary Village is a community initiative which primarily focuses on adversary tactics, adversary simulation/emulation, threat/APT/Ransomware emulation, breach and attack simulation, supply chain security, adversary life, adversary mindset, philosophy, adversary tradecraft, urban survival skills and purple teaming.

Over the years, we have been successfully hosting the village at various editions of DEF CON hacking and cyber security conference, Las Vegas and most recently at RSA Conference San Francisco as well.

The goal of the Adversary Village is to build an open Security community for the researchers and organizations, who are putting together new means, methodologies towards the simulation and emulation of adversary tactics and purple teaming; also to provide great value and resources to organizations and security researchers to obtain the maximum security ROI. Adversary Village will be organizing technical talks, workshops, live demos, Adversary Wars CTF, panel discussions and other hands-on activities on adversary simulation, adversary emulation and purple teaming.

Hands-on activities: Adversary Simulation and Offensive Security

Oct 6: 11:00 to 17:00 | Oct 7: 10:30 to 16:00

Adversary Simulator / Purple teaming hands-on Booth
Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics. This is a volunteer assisted activity where anyone, both management and technical folks can come-in and experience different categories of simulation, emulation and purple scenarios. Adversary Simulator booth will be having a lab environment focused on recreating enterprise infrastructure, aimed at simulating and emulating various adversaries. The booth visitors will be able to view, simulate and control various TTPs used by adversaries. The simulator is meant to be a learning experience, irrespective of whether one is hands-on with highly sophisticated attack tactics or from the management.

Scavenger Hunt
A scavenger hunt is a game or activity in which participants are given a list of items, clues, or tasks to find or complete within a specified area or time frame. Participants work individually or in teams to locate the items or solve the clues, often racing against each other. The goal is to be the first to complete the list or tasks or to accumulate the most points. This Scavenger hunt takes place at the c0c0n venue using the components available at the conferencearea.

Choose-Your-Own Adversary Adventure - Interactive game
Adversary Adventure is a Choose Your own Adventure model interactive game, where everyone can participate, focused on Adversary Simulation, Purple teaming, Adversary Tactics, Defense and Management!
Choose the various activities of an adversary, post exploitation OR a Defender who is defending against an adversary. OR you can even play as a CISO who is dealing with an adversarial situation.

Hands-on Physical Security Simulation and Lockpicking Powered by DEF CON Group Trivandrum
Learn more about physical security simulation, physical security, lock picking and related concepts. There will be a wide variety of locking mechanisms and physical security demonstrations where the participants can try to bypass the security mechanisms.

Hands-on interactive workshop

Oct 6: 12:00 to 13:00

Flipper Zero: Introduction to Hardware Hacking and Emulation

This workshop will introduce you to the Flipper Zero, a small, affordable, and powerful hardware hacking device. The workshop will be hands-on, and participants will have the opportunity to use the Flipper Zero to learn about the different technologies it can interact with. No prior experience with hardware hacking is necessary. The workshop will cover the following topics:

istening to and capturing radio frequencies in the sub-GHz range.
Reading, capturing, and emulating NFC cards.
Reading, capturing, and emulating 125kHz RFID tags.
Reading, capturing, and sending infrared signals.
Reading, capturing, and emulating iButtons.
Using the Flipper Zero as a Bad USB device.
Using the Flipper Zero as a security key (U2F).
Playing Snake on the Flipper Zero. (Fun Time)

The workshop will be hands-on, and participants will have the opportunity to use the Flipper Zero to learn about the different technologies it can interact with. No prior experience with hardware hacking is necessary. Who should attend this workshop? This workshop is for anyone who is interested in learning about hardware hacking. It is a great introduction to the Flipper Zero, and it will give you the skills you need to start exploring the world of hardware hacking.

By the end of this workshop, you will be able to:

Use the Flipper Zero to listen to and capture radio frequencies in the sub-GHz range.
Read, capture, and emulate NFC cards.
Read, capture, and emulate 125kHz RFID tags.
Read, capture, and send infrared signals.
Read, capture, and emulate iButtons.
Use the Flipper Zero as a Bad USB device.
Use the Flipper Zero as a security key (U2F).

Requirements:
You will need to bring the following items to the workshop:
A Flipper Zero device (If available), A USB cable, A laptop

Vishnu Prasad P G [VPG]

Security Engineer at UST, Technical lead at Adversary Village

Vishnu Prasad P G aka VPG is an accomplished Security Engineer based in India, working for a major consulting organization, also serving as the Technical Lead at the Adversary Village community initiative. With a fervent dedication to the field, Vishnu specializes in application security, hardware hacking, and red teaming. His expertise and enthusiasm in safeguarding digital assets make him a valuable asset in the cyber security landscape.

Sreehari Haridas [Invisible]

Red Team Lead, CTF Master at Adversary Village

Sreehari Haridas is an experienced Offensive Security Researcher and Red teamer who loves to break things. Currently, he is working as an Offensive security lead in a FinTech company. He is also a core member of DEF CON Group Trivandrum and CTF Master at Adversary Village.

Hands-on interactive talk

Oct 6: 15:00 to 16:00

Large Language Model (LLM) Security Primer

In the rapidly evolving world of Artificial Intelligence and Machine Learning (AI/ML), there are myriad concepts and considerations to explore. The talk delves into the core foundations and critical aspects of AI/ML systems. We will begin by unraveling the basics of AI/ML, shedding light on the fundamental principles that underpin intelligent computer systems. From understanding the essence of AI to the practical implications of machine learning, we'll demystify these technologies.
Large Language Models (LLMs) have become prominent players in AI, but what exactly are they? and what they are not, debunking common misconceptions. You'll gain insight into the lifeline of a query and discover more about Tuning LLM(s), how they process etc.
We'll delve into potential attack types, emphasizing the importance of safety and effectiveness in AI systems. Addressing data privacy concerns, input-related attacks, isolation strategies, and security of training data and models along with strategies to safeguard the training data.

Abhishek S [Bugwatch]

Security Engineer at Flipkart, CTF Master at Adversary Village

Abhishek S is a Security Engineer at Flipkart with primary research focus on application security and red teaming. He is a Volunteer and CTF-Master at Adversary Village at DEF CON With over 4 years of experience playing CTF(s) and hunting for vulnerabilities in various VDP programs. He is listed in hall of fames of Google, Facebook, Microsoft and 40+ organizations for finding their security vulnerabilities. He has about four cve(s) from various organizations such as Android, Tenable, StrAPI CMS etc. currently holds various certifications such as BSCP, CRTP, GIAC etc.

Hands-on interactive workshop

Oct 7: 11:00 to 13:00

Kickstarting Adversary Simulation and Purple teaming function at your organization

This workshop is designed to equip participants with the knowledge and practical skills needed to establish and enhance a robust cybersecurity defense strategy. Adversary Simulation and Purple Teaming are critical components of modern cybersecurity, focusing on proactive testing and collaboration between offensive and defensive teams.

In this workshop, attendees will learn the fundamentals of Adversary Simulation, where they will explore the methodologies and tools used by threat actors to simulate real-world attacks on their organization's infrastructure. Participants will gain hands-on experience in running controlled simulations, identifying vulnerabilities, and assessing the organization's resilience against potential cyber threats.

The workshop will also delve into the concept of Purple Teaming, emphasizing the collaborative approach between Red Team (offensive) and Blue Team (defensive) to strengthen security measures. Attendees will discover how to foster communication and cooperation between teams, enabling them to learn from each other and improve their overall cybersecurity posture.

Participant Takeaways:

Acquire the skillset necessary for conducting adversary emulation exercises within your organization to assess defense measures.
Digital Credential badges and e-certificates
Hoodies and Limited edition electronic badges from various conferences [Only for the top participant who completes the workshop final challenge]

Who should attend this workshop:

Adversary emulation and purple teaming enthusiasts, Penetration testers, Security professionals, Management executives, Students.

Audience level:

Intermediate

Participant Requirements:

Basic understanding of Offensive Security concepts
Laptop with VMWare player/Virtual box and Kali Linux and Windows 10/11 Evaluation VMs
Internet access

Abhijith B R [Abx]

Founder at Adversary Village, Professional Hacker and Offensive Security Specialist

Abhijith B R also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. He is a professional hacker and offensive cyber security specialist, security researcher, trainer and public speaker.
Currently, he is involved with multiple companies as an independent consultant, helping them with improving their current security posture and help bridge the gap between business leadership and cyber security professionals.

He was responsible for building and managing offensive security operations and adversary simulation for a prominent FinTech company called Envestnet, Inc. In the past, he held the position of Deputy Manager - Cyber Security at Nissan Motor Corporation, and prior to that, he worked as a Senior Security Analyst at EY.
As the founder of Adversary Village he spearheads a community-driven initiative exclusively focused on adversary simulation, adversary tactics, purple teaming, threat actor/ransomware research-emulation, and offensive-adversary tradecraft. Adversary Village actively organizes villages at prominent events such as the DEF CON Hacking Conference, RSA Conference etc.
Abhijith act as the Lead Organizer of an official DEF CON Group, DC0471. He is actively involved in leading the Tactical Adversary project an initiative that centers around adversary attack simulation and red teaming tradecraft.